Industrial cybersecurity company Dragos joined with Garland Technology on Thursday in a deal that will use the Dragos Platform and Garland Technology’s network TAP products to improve the protection of ICS/OT network infrastructures. The technology will also deliver passive and real-time monitoring, which has become more vital than ever in ICS/OT environments that are saddled with legacy equipment and require enhanced visibility, control and cyber resilience across critical infrastructure networks.
The Dragos-Garland technology will minimize risks to ICS/OT network infrastructures and maintain optimal device utilization by transferring the monitoring demands to systems and devices that are not critical to the infrastructure. It will also decrease network downtime and monitoring solution deployment time with easy inline deployment options that require zero configuration changes to existing infrastructure.
The technology will also work towards comprehensive asset visibility, supported by virtual or physical appliance options for deployment within hybrid environments, enabling detection of industrial control systems (ICS) and operational technology (OT) security threats irrespective of the infrastructure used. Its easy configuration and deployment options ensure that network infrastructure reliability is maintained and implementation costs for monitoring solutions are minimized, the companies said.
Within the OT environment, a full-duplex copy of the network traffic from each site and segment is fed through the Garland network TAPs (test access points) to minimize blind spots. The Garland network visibility solution will in turn deliver this duplicated traffic from multiple links and locations into the Dragos Platform.
The Dragos Platform then analyzes the traffic to create an accurate and comprehensive asset inventory along with a network map that visualizes all assets’ interconnections. With the continuous data feed, the Dragos Platform analyzes the network traffic and produces notifications of new devices, connections, asset vulnerabilities, misconfigurations, and other suspicious events.
The deep packet level of visibility across critical infrastructures enables defenders to protect their operations more competently from potential disruption caused by threats and anomalies, while improving their safety, reliability, and cyber resilience across their unique network infrastructures, according to a solution brief released by the companies.
Deploying Garland’s high-density aggregator network TAPs allows consolidation of the traffic on the two networks, sending the data to the Dragos Platform and another monitoring solution simultaneously. The configuration provides a side-by-side comparison of how each solution handles asset inventory, vulnerability management, and threat detection with the same data. It is also possible to leverage the port pair functionality of the Garland TAPs and implement the device inline, minimizing the load on the existing network devices.
By tapping points of interest throughout the ICS/OT network, security and other monitoring solutions can receive the network traffic to enhance their defense capabilities without introducing new or manipulated traffic to the production network streams. Organizations can centrally visualize the systems, devices, and interactive communications between them by utilizing the joint Garland and Dragos solution. Additionally, they can continuously monitor and detect threats as they occur and use prescriptive workbench tools for more efficient investigations and responses.
When it comes to defending industrial networks, organizations cannot afford blind spots, dropped packets, or network downtime. In addition, some inherent challenges exist within legacy infrastructures, where switches may not have port mirroring or switch port analyzer (SPAN) port options available, or may lack adequate system resources to utilize them. In modern ICS/OT network infrastructures where SPAN ports and resources are available on the switches, the SPAN ports can be prone to dropping packets or sending unnecessary duplicates, or may already be reserved for another purpose.
“To ensure tools like the Dragos Platform protect industrial networks without creating added vulnerabilities, we have specialized network TAPs and accessories for these environments,” Chris Bihary, CEO of Garland Technology, said in a press statement. “Our OT solutions are ideal for networks prone to small spaces, vibration, extreme temperatures, and data diode requirements. Connecting security tools to OT networks using our data diode TAPs ensures tools see the required traffic and never send unwanted traffic back into the industrial network,” he added.